Merge pull request #5153 from penpot/yms-improve-flags-configuration-in-docker-compose

🐳 Improve flags configuration in docker-compose
2025-01-09 08:20:45 -05:00 · 2024-10-10 16:48:57 +02:00 · 2024-10-10 16:48:57 +02:00 · 556ec45efc
commit 556ec45efc
parent 754e09b0de 308b2d95f3
1 changed files with 57 additions and 77 deletions
--- a/docker/images/docker-compose.yaml
+++ b/docker/images/docker-compose.yaml
@ -1,3 +1,34 @@
+## Common flags:
+# demo-users
+# email-verification
+# log-emails
+# log-invitation-tokens
+# login-with-github
+# login-with-gitlab
+# login-with-google
+# login-with-ldap
+# login-with-oidc
+# login-with-password
+# prepl-server
+# registration
+# secure-session-cookies
+# smtp
+# smtp-debug
+# telemetry
+# webhooks
+##
+## You can read more about all available flags and other
+## environment variables here:
+## https://help.penpot.app/technical-guide/configuration/#advanced-configuration
+#
+# WARNING: if you're exposing Penpot to the internet, you should remove the flags
+# 'disable-secure-session-cookies' and 'disable-email-verification'
+x-flags: &penpot-flags
+  PENPOT_FLAGS: disable-email-verification enable-smtp enable-prepl-server disable-secure-session-cookies
+
+x-uri: &penpot-public-uri
+  PENPOT_PUBLIC_URI: http://localhost:9001
+
 networks:
  penpot:

@ -71,26 +102,8 @@ services:
      # - "traefik.http.routers.penpot-https.tls=true"
      # - "traefik.http.routers.penpot-https.tls.certresolver=letsencrypt"

-    ## Configuration envronment variables for the frontend container. In this case, the
-    ## container only needs the `PENPOT_FLAGS`. This environment variable is shared with
-    ## other services, but not all flags are relevant to all services.
-
    environment:
-      ## Relevant flags for frontend:
-      ## - demo-users
-      ## - login-with-github
-      ## - login-with-gitlab
-      ## - login-with-google
-      ## - login-with-ldap
-      ## - login-with-oidc
-      ## - login-with-password
-      ## - registration
-      ## - webhooks
-      ##
-      ## You can read more about all available flags on:
-      ## https://help.penpot.app/technical-guide/configuration/#advanced-configuration
-
-      - PENPOT_FLAGS=enable-registration enable-login-with-password
+      << : *penpot-flags

  penpot-backend:
    image: "penpotapp/backend:latest"
@ -110,31 +123,7 @@ services:
    ## container.

    environment:
-
-      ## Relevant flags for backend:
-      ## - demo-users
-      ## - email-verification
-      ## - log-emails
-      ## - log-invitation-tokens
-      ## - login-with-github
-      ## - login-with-gitlab
-      ## - login-with-google
-      ## - login-with-ldap
-      ## - login-with-oidc
-      ## - login-with-password
-      ## - registration
-      ## - secure-session-cookies
-      ## - smtp
-      ## - smtp-debug
-      ## - telemetry
-      ## - webhooks
-      ## - prepl-server
-      ##
-      ## You can read more about all available flags and other
-      ## environment variables for the backend here:
-      ## https://help.penpot.app/technical-guide/configuration/#advanced-configuration
-
-      - PENPOT_FLAGS=enable-registration enable-login-with-password disable-email-verification enable-smtp enable-prepl-server
+      << : [*penpot-flags, *penpot-public-uri]

      ## Penpot SECRET KEY. It serves as a master key from which other keys for subsystems
      ## (eg http sessions, or invitations) are derived.
@ -147,70 +136,61 @@ services:
      ##
      ## python3 -c "import secrets; print(secrets.token_urlsafe(64))"

-      # - PENPOT_SECRET_KEY=my-insecure-key
+      # PENPOT_SECRET_KEY: my-insecure-key

      ## The PREPL host. Mainly used for external programatic access to penpot backend
      ## (example: admin). By default it will listen on `localhost` but if you are going to use
      ## the `admin`, you will need to uncomment this and set the host to `0.0.0.0`.

-      # - PENPOT_PREPL_HOST=0.0.0.0
-
-      ## Public URI. If you are going to expose this instance to the internet and use it
-      ## under a different domain than 'localhost', you will need to adjust it to the final
-      ## domain.
-      ##
-      ## Consider using traefik and set the 'disable-secure-session-cookies' if you are
-      ## not going to serve penpot under HTTPS.
-
-      - PENPOT_PUBLIC_URI=http://localhost:9001
+      # PENPOT_PREPL_HOST: 0.0.0.0

      ## Database connection parameters. Don't touch them unless you are using custom
      ## postgresql connection parameters.

-      - PENPOT_DATABASE_URI=postgresql://penpot-postgres/penpot
-      - PENPOT_DATABASE_USERNAME=penpot
-      - PENPOT_DATABASE_PASSWORD=penpot
+      PENPOT_DATABASE_URI: postgresql://penpot-postgres/penpot
+      PENPOT_DATABASE_USERNAME: penpot
+      PENPOT_DATABASE_PASSWORD: penpot

      ## Redis is used for the websockets notifications. Don't touch unless the redis
      ## container has different parameters or different name.

-      - PENPOT_REDIS_URI=redis://penpot-redis/0
+      PENPOT_REDIS_URI: redis://penpot-redis/0

      ## Default configuration for assets storage: using filesystem based with all files
      ## stored in a docker volume.

-      - PENPOT_ASSETS_STORAGE_BACKEND=assets-fs
-      - PENPOT_STORAGE_ASSETS_FS_DIRECTORY=/opt/data/assets
+      PENPOT_ASSETS_STORAGE_BACKEND: assets-fs
+      PENPOT_STORAGE_ASSETS_FS_DIRECTORY: /opt/data/assets

      ## Also can be configured to to use a S3 compatible storage
      ## service like MiniIO. Look below for minio service setup.

-      # - AWS_ACCESS_KEY_ID=<KEY_ID>
-      # - AWS_SECRET_ACCESS_KEY=<ACCESS_KEY>
-      # - PENPOT_ASSETS_STORAGE_BACKEND=assets-s3
-      # - PENPOT_STORAGE_ASSETS_S3_ENDPOINT=http://penpot-minio:9000
-      # - PENPOT_STORAGE_ASSETS_S3_BUCKET=<BUKET_NAME>
+      # AWS_ACCESS_KEY_ID: <KEY_ID>
+      # AWS_SECRET_ACCESS_KEY: <ACCESS_KEY>
+      # PENPOT_ASSETS_STORAGE_BACKEND: assets-s3
+      # PENPOT_STORAGE_ASSETS_S3_ENDPOINT: http://penpot-minio:9000
+      # PENPOT_STORAGE_ASSETS_S3_BUCKET: <BUKET_NAME>

      ## Telemetry. When enabled, a periodical process will send anonymous data about this
      ## instance. Telemetry data will enable us to learn how the application is used,
      ## based on real scenarios. If you want to help us, please leave it enabled. You can
      ## audit what data we send with the code available on github.

-      - PENPOT_TELEMETRY_ENABLED=true
+      PENPOT_TELEMETRY_ENABLED: true

      ## Example SMTP/Email configuration. By default, emails are sent to the mailcatch
      ## service, but for production usage it is recommended to setup a real SMTP
      ## provider. Emails are used to confirm user registrations & invitations. Look below
      ## how the mailcatch service is configured.

-      - PENPOT_SMTP_DEFAULT_FROM=no-reply@example.com
-      - PENPOT_SMTP_DEFAULT_REPLY_TO=no-reply@example.com
-      - PENPOT_SMTP_HOST=penpot-mailcatch
-      - PENPOT_SMTP_PORT=1025
-      - PENPOT_SMTP_USERNAME=
-      - PENPOT_SMTP_PASSWORD=
-      - PENPOT_SMTP_TLS=false
-      - PENPOT_SMTP_SSL=false
+      PENPOT_SMTP_DEFAULT_FROM: no-reply@example.com
+      PENPOT_SMTP_DEFAULT_REPLY_TO: no-reply@example.com
+      PENPOT_SMTP_HOST: penpot-mailcatch
+      PENPOT_SMTP_PORT: 1025
+      PENPOT_SMTP_USERNAME:
+      PENPOT_SMTP_PASSWORD:
+      PENPOT_SMTP_TLS: false
+      PENPOT_SMTP_SSL: false

  penpot-exporter:
    image: "penpotapp/exporter:latest"
@ -221,10 +201,10 @@ services:
    environment:
      # Don't touch it; this uses an internal docker network to
      # communicate with the frontend.
-      - PENPOT_PUBLIC_URI=http://penpot-frontend
+      PENPOT_PUBLIC_URI: http://penpot-frontend

      ## Redis is used for the websockets notifications.
-      - PENPOT_REDIS_URI=redis://penpot-redis/0
+      PENPOT_REDIS_URI: redis://penpot-redis/0

  penpot-postgres:
    image: "postgres:15"